Saturday, June 29, 2013

Forticlient SSL VPN Routing Problem

Do you have to work with a Forticlient SSL VPN client on Fedora? For me it was a total bummer, because the official Linux client is discontinued and it seems that its latest version does not work properly on Fedora.

But that's not the problem. When I try to connect to a VPN through this application, the connection completes successfully. Moreover, it adds a network interface called 'ppp0'. So far, no problem.

So what's the problem? I cannot ping any machine in the network. After some investigation and a few suspicions, I found that the connection does not route the requests. The following command solves this issue ({ip-address-from-adapter-ppp0} is replaced by the IP address of network adapter 'ppp0'):

route add default gw {ip-address-from-adapter-ppp0} ppp0

What does that do? It routes all traffic through the gateway connected to the network interface 'ppp0'.

The only problem is that you have to run this command every time you connect to the VPN. In my next post, I will post the script to automate this process. Problem solved!
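One way to script the step above, as an added example that is not code from the original post or from Fortinet: it reads the 'ppp0' address from ifconfig in either net-tools output style ("inet addr:10.0.0.2" or "inet 10.0.0.2") and refuses to touch the routing table unless it gets exactly one IPv4 address. The function names, the DRY_RUN variable and the sample addresses are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, DRY_RUN and
# the sample addresses are hypothetical/constructed.

# Constructed ifconfig output, older and newer net-tools styles.
OLD_SAMPLE='ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.0.0.2  P-t-P:10.0.0.1  Mask:255.255.255.255'
NEW_SAMPLE='ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1354
        inet 10.0.0.2  netmask 255.255.255.255  destination 10.0.0.1
        inet6 fe80::1  prefixlen 64  scopeid 0x20<link>'

# Read ifconfig output on stdin and print the interface's IPv4 address.
# Accepts "inet addr:A" and "inet A", skips inet6, drops repeated lines.
parse_inet_addr() {
    awk '$1 == "inet" { a = $2; sub(/^addr:/, "", a); print a }' | sort -u
}

# True only for exactly one dotted-quad value (no blanks, no newlines).
is_single_ipv4() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Add the default route from the post once the tunnel is up (needs root).
# With DRY_RUN=1 the route command is printed instead of executed.
add_vpn_default_route() {
    ifn="${1:-ppp0}"
    addr="$(LC_ALL=C ifconfig "$ifn" 2>/dev/null | parse_inet_addr)"
    if ! is_single_ipv4 "$addr"; then
        echo "refusing to add route: no single IPv4 address on $ifn" >&2
        return 1
    fi
    ${DRY_RUN:+echo} route add default gw "$addr" "$ifn"
}
```

Call add_vpn_default_route ppp0 as root after the tunnel comes up; running it once with DRY_RUN=1 shows the exact route command before anything changes.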

14 comments:

I don't know how old this post is but I have another solution. Actually if you look into helper/forticlientsslvpn.log you will notice that there's a command failing. Basically it's because the script sysconfig.linux.sh does not get the address of the interface ppp0 correctly. So the line 63 (or 64) which looks like this:

addr=`ifconfig $ifn |grep "inet"|awk ' {print $2 }'| awk -F : '{ print $2}'`

should not have the last awk, so just modify it to this:

addr=`ifconfig $ifn |grep "inet"|awk ' {print $2 }'`

Et voilà...

Also, just on a side note, the only forticlient executable for Linux I could find is compiled for 32bit. If you try to execute it on your system and it fails with something like "executable does not exists" then it's because your system is on 64bit; you should download gcc-32 and glibc-32 and lib32-gtk so it can run.

Hope this saves some time to someone else.

This tutorial worked for me like a great cure for my SSL VPN routing problem. I was having complications sorting out this problem easily, so I am truly pleased to learn how things actually work on such a Linux-based platform. Thanks.

So many times we face these types of issues in dealing with VPN services, but the best thing is you can find the solution very easily, and the reason is that there is great work done by the top professionals and their work is available here. You did great work with this post and I really like your idea. When I use DNS services it is good and easy for me to handle, although VPN is also great to have in our work.

I had this solution implemented but recently my routes stopped working again. Not sure if it's because of my distribution (Arch), but after some debugging I found a couple of things.

1. The fix from xirdneh is no longer required on the latest version of forticlientsslvpn (which, by the way, also has a 64bit binary now).

2. The routes were not implemented because the command to get the addr was grabbing the IP twice, so the "route add" command was failing. The solution was simple, just pipe the command to uniq. The resulting line should look like this: